[tor-bugs] #18101 [Applications/Tor Browser]: IP leak from Windows UI dialog with URI

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 18 09:47:24 UTC 2017


#18101: IP leak from Windows UI dialog with URI
-------------------------------------------------+-------------------------
 Reporter:  uileak                               |          Owner:
                                                 |  arthuredelstein
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-disk-leak, tbb-proxy-bypass,     |  Actual Points:
  TorBrowserTeam201711                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 Replying to [comment:70 pospeselr]:

 Thanks for the review and the very helpful comments.

 > We might be able to detour whichever root offending function is causing
 the DNS request to happen but that will require more investigation, and
 would be inherently fragile and would need to be tested on every Windows
 SKU.

 I think this is a good idea, even if it's fragile. (Of course automated
 regression tests would help.) I'd like to pursue this instead of my
 earlier patch.

 I managed to obtain a stack trace responsible for the DNS leak when I
 enter an https:// URL and click the Open button:
 {{{
 06eae9d4 731034ae davclnt!NPGetResourceInformation
 06eaea2c 731035a6 MPR!WNetEnumResourceW+0x456
 06eaea68 73103558 MPR!WNetEnumResourceW+0x54e
 06eaea74 731038c3 MPR!WNetEnumResourceW+0x500
 *** ERROR: Symbol file could not be found.  Defaulted to export symbols
 for C:\Windows\syswow64\SHELL32.dll -
 06eaeab4 76b3b8e2 MPR!WNetGetResourceInformationW+0x26
 06eaeaf8 76b3b83d SHELL32!SHQueryUserNotificationState+0x56a
 06eaeb1c 76e276b2 SHELL32!SHQueryUserNotificationState+0x4c5
 06eaef78 76e280c9 SHELL32!StgMakeUniqueName+0x78d0a
 06eaf50c 76d0d2d1 SHELL32!StgMakeUniqueName+0x79721
 06eaf75c 76bb7a03 SHELL32!Ordinal733+0x2db33
 06eaf7e0 76da48a1 SHELL32!InternalExtractIconListA+0xb06
 06eaf82c 76da4945 SHELL32!Ordinal262+0x1d5f
 06eaf874 76bb9d83 SHELL32!Ordinal262+0x1e03
 06eaf8b4 76bb804b SHELL32!Ordinal866+0x1b14
 06eaf930 76bb7a03 SHELL32!SHParseDisplayName+0x1d0
 06eaf9b4 76bb7f24 SHELL32!InternalExtractIconListA+0xb06
 *** ERROR: Symbol file could not be found.  Defaulted to export symbols
 for C:\Windows\SysWOW64\comdlg32.dll -
 06eafa00 7660c9b9 SHELL32!SHParseDisplayName+0xa9
 06eafa48 7660b14f comdlg32!PrintDlgExW+0x7e23
 06eafeb4 7660aecb comdlg32!PrintDlgExW+0x65b9
 }}}

 Then I confirmed that WNetGetResourceInformation causes a DNS leak by
 running the `CheckServer()` example at https://msdn.microsoft.com/en-
 us/library/windows/desktop/aa385369(v=vs.85).aspx .

 So next I will look into how we can use Mozilla's detour utility.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18101#comment:72>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list